hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yi Liu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10604) CryptoFileSystem decorator using xAttrs and KeyProvider
Date Mon, 16 Jun 2014 12:46:03 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Yi Liu updated HADOOP-10604:
----------------------------

    Attachment: HADOOP-10604.1.patch

Hi Uma, the new patch includes update for your comments.
{quote}
typo. Doen't -> Doesn't ?
{quote}
Right, let’s modify it.

{quote}
Seems like we are not allowing nested encryption zones, but cfs will take client side configuration,
one client would have configured one dir and other client could configure the sub dir of it.
In this case how would we avoid nested encryption zones to configure from the checks?
{quote}
Nice, I consider this more later, and we can support nested encryption zones.  So let’s
remove the restriction of nested encryption zones. Typically encryption zones are used to
stored sensitive data, user should be aware of the configuration.

{quote}
decodeCFSURI is doing the some special decoding stuff for replacing @ with :// etc. But there
is no encode method and I think it’s done directly in getAuthority, instead can we make
like encode and decode method?
{quote}
I try to do as your suggest, and the url is specified by user, in  {{getAuthority}} we just
need to get the authority, so I think we don’t need {{encode}} method. 

{quote}
Also is it good to document about how to create ezs in other fs? ( I mean to tell the info
about what is the qualification to consider as ez? ex if underlying fs is hdfs, HdfsAdmin
has api to creae EZs)
{quote}
If using {{CryptoFileSystem}}, the encryption zone and corresponding key name are configured
in configuration file, it will not utilize underlying fs command, such as DFSAdmin. 


> CryptoFileSystem decorator using xAttrs and KeyProvider
> -------------------------------------------------------
>
>                 Key: HADOOP-10604
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10604
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Alejandro Abdelnur
>            Assignee: Yi Liu
>             Fix For: fs-encryption (HADOOP-10150 and HDFS-6134)
>
>         Attachments: HADOOP-10604.1.patch, HADOOP-10604.patch
>
>
> A FileSystem implementation that wraps an existing filesystem and provides encryption.
It will require the underlying filesystem to support xAttrs. It  will use the KeyProvider
API to retrieve encryption keys.
> This is mostly the work in the patch HADOOP-10150 minus the crypto streams



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message